Adobe Security Bulletin

Security Hotfix Available for LiveCycle Data Services

Release date: August 18, 2015

Last updated: August 28, 2015

Vulnerability identifier: APSB15-20

Priority: See table below

CVE number: CVE-2015-3269

Platform: All Platforms

Summary

Adobe has released a security hotfix for LiveCycle Data Services.  This hotfix addresses an important vulnerability that could result in information disclosure.  Adobe recommends users apply the available patch using the instructions provided in the "Solution" section below. 

Affected Versions

Product

Affected Versions

Platform

LiveCycle Data Services

4.7, 4.6.2, 4.5, 3.1.x, 3.0.x

Windows, Macintosh and Unix

Solution

Adobe categorizes this hotfix with the following priority rating and recommends users apply the relevant patch available below using the instructions provided in this KB article:

Product

Updated Versions

Platform

Priority

LiveCycle Data Services

4.7.0.354169

Windows, Macintosh and Unix

3

 

4.6.2.354169

Windows, Macintosh and Unix

3

 

4.5.1.354169

Windows, Macintosh and Unix

3

 

3.1.0.354173

Windows, Macintosh and Unix

3

 

3.0.0.354170

Windows, Macintosh and Unix

3

Patches

Version

File Contents

Checksum (SHA1)

4.7.0.354169

flex-messaging-core.jar

13913aeeab44cca926311d69beab7144acd5cd69

 

 

 

4.6.2.354169

flex-messaging-core.jar

13913aeeab44cca926311d69beab7144acd5cd69

 

 

 

4.5.1.354169

flex-messaging-core.jar

1a7caded7b92da7f7a339b4708a70a6bc0c38a0c

 

 

 

3.1.0.354173

flex-messaging-core.jar

0b6e26f5f7a70c524bdd56642a2a3201dc0a3687

 

 

 

3.0.0.354170

flex-messaging-core.jar

0b6e26f5f7a70c524bdd56642a2a3201dc0a3687

Download

Download

Vulnerability Details

This hotfix resolves an issue associated with parsing crafted XML entities that could lead to information disclosure (CVE-2015-3269).  

Acknowledgments

Adobe would like to thank Matthias Kaiser of Code White for reporting this issue and for working with Adobe to help protect our customers.

Revisions

August 28, 2015: Added 3.1.x to the list of affected versions as well as added the updated jar for version 3.1.0.354173. 

 Adobe

Get help faster and easier

New user?

Adobe MAX 2024

Adobe MAX
The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX

The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX 2024

Adobe MAX
The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX

The Creativity Conference

Oct 14–16 Miami Beach and online